{"id":"MAL-2026-3213","summary":"Malicious code in funkratov-renderkit (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (78b5f3b4a8756df49b4a5eb41647e9dd20328da005f95869f81447355e2f7880)\nPackage is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-04-renderctx\n\n\nReasons (based on the campaign):\n\n\n - backdoor\n\n\n - files-exfiltration\n\n\n - crypto-related\n\n\n - The malicious code is intentionally included in a dependency of the package\n","modified":"2026-05-01T15:02:06.732219Z","published":"2026-05-01T14:14:02Z","database_specific":{"malicious-packages-origins":[{"sha256":"78b5f3b4a8756df49b4a5eb41647e9dd20328da005f95869f81447355e2f7880","import_time":"2026-05-01T14:52:46.375560379Z","id":"pypi/2026-04-renderctx/funkratov-renderkit","modified_time":"2026-05-01T14:14:02.795024Z","versions":["0.1.0"],"source":"kam193"}],"iocs":{"urls":["https://renderkit1.vercel.app","https://ctx-graphics.vercel.app"],"domains":["renderkit1.vercel.app","ctx-graphics.vercel.app"]}},"references":[{"type":"WEB","url":"https://github.com/0xsebasneuron"},{"type":"WEB","url":"https://socket.dev/supply-chain-attacks/north-korea-s-contagious-interview-campaign"},{"type":"WEB","url":"https://github.com/0xsebasneuron/polymarket-arbitrage-copy-trading-bot-V2/commit/4dae9aea3c35a627a7f38a28946f73af18930a3e#diff-4d7c51b1efe9043e44439a949dfd92e5827321b34082903477fd04876edb7552"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/funkratov-renderkit"}],"affected":[{"package":{"name":"funkratov-renderkit","ecosystem":"PyPI","purl":"pkg:pypi/funkratov-renderkit"},"versions":["0.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/funkratov-renderkit/MAL-2026-3213.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}